Free malware tools are being exploited for malicious intent"When the Russian military is using free stuff, you know how good that stuff is."

A form of password, credit card details and cryptocurrency-stealing malware has been updated, making it even more potent for cyber criminals.

The Azorult malware has been been operating since 2016 and enables crooks to steal credentials including passwords, credit card details, browser histories and contents of cryptocurrency wallets from victims.

Now a new version of it is being advertised in an underground forum, as uncovered by researchers at tech security company Check Point, who describe it as "substantially updated".

New features include the ability to steal additional forms of crpytocurrency from the wallets of victims - BitcoinGold, electrumG, btcprivate (electrum-btcp), bitcore and Exodus Eden.

Reflecting the fast pace of malware development, the developer of Azorult also boats improvements to the cryptocurrency wallet stealer components and improvements to the loader.

Researchers also note some behind-the-scenes changes compared to previous versions of the malware, including a new encryption method to obfuscate the domain name, as well as a new key for connecting to the command and control server.

This new version of the malware first appeared for sale on October 4 - shortly after source code for Azorult versions 3.1 and 3.2 were leaked online. Check Point has already seen the free tools being used to power Gazorp, a malware builder which allows users to essentially generate an earlier version of Azorult at no cost.

It's likely this which has spurred the author of Azorult into releasing a new and improve version of the malware for sale.

"It is plausible that the Azorult's author would like to introduce new features to the malware and make it worthy as a product in the underground market," said Israel Gubi, malware researcher at Check Point.

The latest version of Azorult is delivered through the RIG exploit kit, using uses vulnerabilities in Internet Explorer and Flash Player to launch JavaScript, Flash, and VBscript-based attacks to distribute malware to users.

With Azorult seemingly reliant on known vulnerabilities to spread, users can go a long way to protect themselves from falling victim to it by ensuring they've installed the relevant software updates and patches.

Thank You

By registering you become a member of the CBS Interactive family of sites and you have read and agree to the Terms of Use, Privacy Policy and Video Services Policy. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services.
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.